'use strict';
module.exports = options => {
  return async (ctx, next) => {
    if (!options.exclude.includes(ctx.request.url.split('?')[0])) {
      const token = ctx.params('header.token');
      const userId = await ctx.app.redis.get(token); 
      if (!token || !userId) {
        ctx.body = {
          returnMessage: '禁止访问',
          returnCode: '10006',
          request: `${ctx.method} ${ctx.path}`,
          bean: {},
          beans: [],
        };
        ctx.status = 403;
        return false;
      } 
    }
    await next();
  };

    
  // return async (ctx, next) => {
  //   const token = ctx.params('header.token');
  //   const username = ctx.params('body.username');
  //   const redisUsername = await ctx.app.redis.get(username);
  //   const user = redisUsername ? redisUsername === token : redisUsername;
  //   if (!user && !options.exclude.includes(ctx.request.url.split('?')[0])) {
  //     ctx.body = {
  //       returnMessage: '禁止访问',
  //       returnCode: '10006',
  //       request: `${ctx.method} ${ctx.path}`,
  //       bean: {},
  //       beans: [],
  //     };
  //     ctx.status = 403;
  //   } else {
  //     await next();
  //   }
  // };
};
